You are not logged in.
- Topics: Active | Unanswered
#1 2016-12-19 04:29:06
- yousuc
- Member
- From: Missouri
- Registered: 2016-07-27
- Posts: 19
- Website
ipset w/ ufw service startup errors
Banging my head right now trying to get 'ipset' service to start before 'ufw' service.
journelctl log from boot:
Dec 18 22:14:30 webserv systemd[1]: ufw.service: Main process exited, code=exited, status=1/FAILURE
Dec 18 22:14:30 webserv systemd[1]: Failed to start CLI Netfilter Manager.
Dec 18 22:14:30 webserv systemd[1]: ufw.service: Unit entered failed state.
Dec 18 22:14:30 webserv systemd[1]: ufw.service: Failed with result 'exit-code'.ufw fails to load the before.rules because I have some additions to it that use the ipset list feature. Only way to get ufw start correctly is to log in and issue a 'ufw reload'.
Anyone else have this issue?
I have tried editing the service files for both and tried using 'Before' and 'After' settings but still fails.
Any help or ideas is greatly appreciated. TY
Offline
#2 2016-12-19 15:37:28
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 19,782
Re: ipset w/ ufw service startup errors
I am no expert, but have you tried the Requires= directive?
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Online
#3 2016-12-19 20:56:23
- yousuc
- Member
- From: Missouri
- Registered: 2016-07-27
- Posts: 19
- Website
Re: ipset w/ ufw service startup errors
I did add the Requires= as you suggested. Didn't work with just that, had also added the Before=
Here is journalctl
Dec 19 14:13:58 webserv systemd[1]: sysinit.target: Found ordering cycle on sysinit.target/start
Dec 19 14:13:58 webserv systemd[1]: sysinit.target: Found dependency on ufw.service/start
Dec 19 14:13:58 webserv systemd[1]: sysinit.target: Found dependency on ipset.service/start
Dec 19 14:13:58 webserv systemd[1]: sysinit.target: Found dependency on basic.target/start
Dec 19 14:13:58 webserv systemd[1]: sysinit.target: Found dependency on sockets.target/start
Dec 19 14:13:58 webserv systemd[1]: sysinit.target: Found dependency on dbus.socket/start
Dec 19 14:13:58 webserv systemd[1]: sysinit.target: Found dependency on sysinit.target/startHere are my 2 service files.
ufw.service:
[Unit]
Description=CLI Netfilter Manager
DefaultDependencies=no
After=systemd-sysctl.service
Before=sysinit.target
ConditionPathExists=|/etc/ufw/ufw.conf
ConditionDirectoryNotEmpty=|/usr/lib/ufw
Requires=ipset.service
[Service]
Type=oneshot
ExecStart=/usr/lib/ufw/ufw-init start
ExecStop=/usr/lib/ufw/ufw-init stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.targetipset.service:
[Unit]
Description=Loading IP Sets
Before=network-pre.target iptables.service ip6tables.service ufw.service
Wants=network-pre.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ipset -f /etc/ipset.conf restore
ExecReload=/usr/bin/ipset -f /etc/ipset.conf restore
ExecStop=/usr/bin/ipset destroy
[Install]
WantedBy=multi-user.targetDoes not show an error in journel, but after i logged in after reboot, ufw was inactive, I did have it set to enable... Will investigate further, but I think I might be getting somewhere. TY
Offline